Certifications

ISO 27001:2005 certification

Media Systems is ISO 27001 certified. ISO 27001 has brought information security under explicit management control by establishing an Information Security Management System throughout our organization. ISO 27001 specifies requirements for the implementation, monitoring, review, maintenance and improvement of an integrated information management system. We have a continual improvement approach of managing our information risks through the Plan-Do-Check-Act cycle. This has helped us to focus on

protecting the confidentiality, integrity and availability of the information and related assets of Media Systems as well as that of our clients.

To know more about our information security policies please contact us

HIPAA Compliance

As a Business Associate to our clients in the healthcare and medical insurance business, Media Systems is certified HIPAA compliant. As part of HIPAA (Health Insurance Portability and Accountability Act) compliance, we use appropriate safeguards to prevent unauthorized use or disclosure of PHI (Protected Health Information) data. We have an Information Security Management System in place for continuous improvement to the information security policies and procedures. Regular third party audits are conducted at Media Systems to ensure that the HIPAA compliant practices are consistently carried out throughout the organization.

We have measures build into our Software Development Life Cycle for our Healthcare clients to ensure that the software being developed is HIPAA compliant.

HIPAA Compliance in our software development process:

During the project initialization and requirement phases; we learn the usage of electronic PHI by the proposed system and its interface to third party systems. This helps us to understand the safeguards that must be incorporated into the product/service and the

information security areas that need to be concentrated for making the product HIPAA compliant. Also the detailed requirements for the various instances of handling the PHI by the application will be identified during the requirements phase.

To ensure compliance, the software design will include details on unique user identification, authentication and monitoring; application security; audit logging; encryption and decryption of the PHI data; security of data in storage, transmission and disposal; data transmission and electronic data interchange (EDI) standards and emergency access procedures. In addition to the design elements; specific measures are taken to ensure the integrity of data in the systems and the security of production data used in test systems.

Also controls to the access of systems and servers and to the physical access to the facility is defined, implemented and monitored. The software development, test and support teams follow the above to ensure that the application that is developed, tested and deployed is in compliance to HIPAA. The IT teams are also regularly trained on HIPAA Compliance to increase awareness. To know more about our HIPAA compliant processes and policies, please contact us